Competitive comparison

Network detection and response delivers the most comprehensive insight into hidden threats and empowers incident responders to act with confidence. Network traffic analysis is a core technology for detecting hidden threats, but there are several decision criteria that you should consider. Read our detailed comparisons to learn more.

Featured upcoming events

About Vectra

Vectra is the world leader in applying artificial intelligence to detect and respond to cyberattacks in cloud, data center and enterprise infrastructures in real time, while empowering security analysts to perform conclusive incident investigations and AI-assisted threat hunting.

Comprehensive cyberattack detection and response is mandatory in today’s hostile data environments, and the stakes have never been higher. No other company comes close to Vectra in proactively hunting down cyberattackers and reducing business risk.

Our core team consists of threat researchers, white hats, data scientists, network security engineers, and UI designers. We constantly push the boundaries of what's possible to drive the next generation of security.

Blog - article

Sorry, this blog post has not been posted yet. Come back and check again later!

On the cybersecurity website ThirdCertainty.com, Byron Acohido makes some very important points about the use of encryption by hackers to avoid detection tools and the need to detect these attacks. This is a water cooler discussion at Vectra headquarters. Encrypted traffic is an easy hiding place for attackers and difficult for organizations to deal with.

However, trying to monitor this traffic by decrypting first, performing deep-packet inspection, and then encrypting again at line-rate speeds is problematic, even with dedicated SSL decryption, especially in the long term. There are several factors at play here.

With an increasing global desire for privacy, more traffic is encrypted by default. It is becoming a standard for cloud applications. The Sandvine Internet Phenomena Report states that encryption doubled last year in North America.

This is actually great news, especially for consumer privacy. Enterprises have a strategy to encrypt everything. With this encryption however, attempts to perform SSL decryption mean there will be large volumes of encrypted data to process.

Encryption undermines traffic inspection

The growth of encrypted traffic in enterprise networks is having a large impact on security technologies that rely on deep packet inspection (DPI), whose efficacy is severely degraded as more traffic is encrypted.

Even worse, traditional security responses to handling encrypted traffic, such as man-in-the-middle decryption and inspection, will become impossible as we see an increase in certificate and public key pinning.

The performance of data leakage prevention (DLP) solutions, which rely on DPI, could be degraded by up to 95% while traditional signature-based IDS and IPS suffer a loss in functionality of up to 80%. This does not mean security should be the reason for not encrypting, because not encrypting traffic isn’t stopping attackers from doing it anyway.

Attacker behavior analytics works on encrypted traffic

The answer lies in the behavior of network traffic. Without even looking at what’s inside a packet, encrypted traffic has many observable characteristics and patterns that reveal attacker behaviors.

By observing the characteristic duration, timing, frequency, and size of packets, you can tell a lot about what users and host devices are doing. Data science models applied to traffic reveal these attacker behaviors. They show which side is in control of a conversation and tell you if it is human or automated, among other things.

About the author

Chris Morales

Christopher Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. He has nearly two decades of information security experience in an array of cybersecurity consulting, sales, and research roles. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.